[4.19.y] 32-bit overflow in __blkdev_issue_discard()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Please consider including into 4.19 upstream commits

ba5d73851e71847ba7f7f4c27a1a6e1f5ab91c79
("block: cleanup __blkdev_issue_discard()")

and

4800bf7bc8c725e955fcbc6191cc872f43f506d3
("block: fix 32 bit overflow in __blkdev_issue_discard()")



Overflow of unsigned long "req_sects" (fixed in second patch)
actually exist here much longer.

And 4.19 commit 744889b7cbb56a64f957e65ade7cb65fe3f35714
("block: don't deal with discard limit in blkdev_issue_discard()")
make it worse by replacing

req_sects = min_t(sector_t, nr_sects, q->limits.max_discard_sectors);

with

unsigned int req_sects = nr_sects;


because now discard length isn't cut by max_discard_sectors it easily overflows.
As a result BLKDISCARD fails unexpectedly:

ioctl(3, BLKDISCARD, [0, 0x20000000000])  = -1 EOPNOTSUPP (Operation not supported)



[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux